ramnit | 340c9cca533d419fd91da066cd89a0000c1aa96700ced431701f9950403e81c9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

e43af739d8...18.dll

windows7-x64

e43af739d8...18.dll

windows10-2004-x64

Sharing

General

Target

e43af739d8c6b0284f961a6ac3b055a0_JaffaCakes118
Size

804KB
Sample

241212-clzqeswrav
MD5

e43af739d8c6b0284f961a6ac3b055a0
SHA1

8ffcaa3a43460132898f5662f18d870b1b262b0e
SHA256

340c9cca533d419fd91da066cd89a0000c1aa96700ced431701f9950403e81c9
SHA512

c976598ee93ad6728b24d865d706781707bee3c6f02ae57190e048bc67d4636a5d90f89607e4d523350ae8864c34c9faa58faa5f6a3128bbb9a7dd2bacb3f0db
SSDEEP

12288:t6wseXyl8eHx0Tos+QY+TviT1Lj6V99mqDuWCSsmj7:t6wseXyl8eHx0Tos+p+6+DuWCSN

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e43af739d8c6b0284f961a6ac3b055a0_JaffaCakes118.dll

Resource

win7-20241010-en

ramnit banker discovery spyware stealer trojan upx worm

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e43af739d8c6b0284f961a6ac3b055a0_JaffaCakes118.dll

Resource

win10v2004-20241007-en

ramnit banker discovery spyware stealer trojan upx worm

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e43af739d8c6b0284f961a6ac3b055a0_JaffaCakes118
- Size
  
  804KB
- MD5
  
  e43af739d8c6b0284f961a6ac3b055a0
- SHA1
  
  8ffcaa3a43460132898f5662f18d870b1b262b0e
- SHA256
  
  340c9cca533d419fd91da066cd89a0000c1aa96700ced431701f9950403e81c9
- SHA512
  
  c976598ee93ad6728b24d865d706781707bee3c6f02ae57190e048bc67d4636a5d90f89607e4d523350ae8864c34c9faa58faa5f6a3128bbb9a7dd2bacb3f0db
- SSDEEP
  
  12288:t6wseXyl8eHx0Tos+QY+TviT1Lj6V99mqDuWCSsmj7:t6wseXyl8eHx0Tos+p+6+DuWCSN
Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ramnitbankerdiscoveryspywarestealertrojanupxworm

behavioral2

ramnitbankerdiscoveryspywarestealertrojanupxworm

© 2018-2025

Terms | Privacy